The Problem

Code signing is the single most frustrating part of iOS development. It's a system of certificates, provisioning profiles, entitlements, and keychain management that exists for security but creates hours of debugging time.

Every React Native developer has lost at least one full day to this. Most lose several.

Why It's So Painful

Certificates Expire

Apple Distribution certificates expire after 1 year. When they do:

• All builds fail
• You need to generate a new certificate
• You need to update all provisioning profiles
• You need to redistribute to all team members

Provisioning Profiles Are Fragile

A provisioning profile ties together:

• Your Apple Developer account
• A specific app (bundle ID)
• A certificate
• A set of devices (for development)
• Entitlements (push notifications, in-app purchases, etc.)

Change any one of these, and the profile is invalid.

Xcode's "Automatic Signing" Isn't

Xcode's automatic signing works for simple cases. For anything involving:

• Multiple build configurations
• CI/CD pipelines
• Team distribution
• Push notifications + in-app purchases

...it breaks. And when it breaks, the error messages are cryptic.

Time Cost

Scenario	Time Lost
First-time setup	4-8 hours
Certificate renewal	2-4 hours
"Works on my machine" debugging	2-6 hours
CI/CD signing setup	4-8 hours
Total first year	12-26 hours

How Shippen Handles It

Expo's EAS Build handles code signing in the cloud:

1. eas credentials manages all certificates and profiles
2. Profiles are stored and renewed automatically
3. No local keychain configuration needed
4. CI/CD just works — credentials are managed server-side

Shippen's automation scripts wrap this into simple commands:

# Generate or renew all credentials
pnpm certs:ios

# Build and submit in one command
pnpm deploy:all

You never touch Xcode's signing settings.

Related

• Expo EAS Build — the tool that automates this
• App Store Rejection — what happens when signing goes wrong